Third-party and insider threats one of the biggest concerns to IT pros

External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals.

In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% of organizations claimed that they could have experienced a breach due to third-party access in the last 12 months, and 62% due to insider credentials.

privileged access threat

However, a large part of this risk sits with the organizations themselves, as the report found that 73% rely on third-party vendors too heavily, and 72% have cultures that are too trusting of partners.

Problematic employee behavior

In an age where data breaches have immense financial and reputational implications for businesses, these organizations have far too much faith towards those that operate within their network.

Less than 35% of the 1021 surveyed security and IT professionals feel very confident that they have ability to identify threats from employees with privileged access.

The report also found that problematic employee behavior continues to be a challenge for a majority of organizations. Writing down passwords, for example, was cited as a problem by 65% of organizations.

Colleagues telling each other passwords was also a big problem for 54% of organizations in 2018, rising from 46% in 2017. This rise may indicate that poor password hygiene continues to be a growing issue, or it may be that organizations are more aware of these behaviors due to an increased focus on data protection and privacy. Either way, the numbers indicate that securing credentials and passwords continues to be an issue for security and IT professionals.

The report did show that some organizations are managing these risks with a privileged identity and access management (PAM) solution. From the research, these same organizations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, less than half (44%) of organizations using PAM experienced a serious breach or expect to in the next 6 months, compared to 69% of those without control of their privileged users.

“IT administrators and third-party vendors need privileged access to be able to do their jobs effectively, but the number of privileged users is growing exponentially, and access to systems and data is often being granted in an uncontrolled way,” commented Matt Dircks, CEO of Bomgar.

“In the face of growing threats together with the introduction of the EU GDPR, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access.”

RSA Conference 2018